AN 759: Using Secure Boot in Intel® Arria® 10 SoC Devices

ID 683060
Date 3/29/2021
Public

Updated for:
Intel® Quartus® Prime Design Suite 20.4

The Intel® Arria® 10 SoC device family and supported tools provide features and resources to create a secure boot system. Secure booting is essential to protect the design's intellectual property (through encryption) and to prevent malicious software from running on the system (through authentication). A secure boot system establishes a chain of trust: each piece of firmware or software is validated before it runs and, in turn, validates the security signature on the next piece of software before loading it for execution.

This document provides methods and design examples for implementing an Intel® Arria® 10 SoC secure boot system using tools from the Intel® Arria® 10 SoC FPGA Authentication Signing Utility to secure the first-stage boot loader image. It shows how to generate a secure boot loader and how to create and program secure keys for image authentication and for image encryption and decryption.

Note: Securing boot stages after the second-stage boot loader is outside the scope of this document and depends on your choice of OS and application. If the boot loader must secure subsequent boot stages (such as the operating system), you must implement a secure boot flow at the second-stage boot loader. The Intel® Arria® 10 SoC FPGA Authentication Signing Utility does not provide any specific support for boot security beyond the second-stage boot loader.

Note: This document reflects information available at the time of publication. To ensure that you have the most recent information about enhancements to the tools and tool flow, refer to the Intel® Arria® 10 SoC FPGA Authentication Signing Utility.